Monday, October 10, 2016

(The Big Disrupt) Cybersecurity: The fine rewards for failure –Why the Cybersecurity industry is set to explode and why that's bad thing

All companies, much like the people who own and work for them, don't like failing and for good reason. Failure means bad earnings, job losses and lawsuits but failure in cybersecurity is currently driving agrowth market.

You might be wondering how this is possible but the answer is simple; bad timing. With the advent of IoT, the internet is expanding into the physical world at a rate CIO's and CISO's can't handle which is why a growing number of the devices we ownfrom fitness trackers, smartphones and even household appliances are vulnerable and at the mercy of hackers looking to steal valuable data to sell on the black market. What makes this worse is that CIO's and CISO's can't hire this problem away as the cybersecurity labour market has beenthin.

The upshot of all this has madecybersecurity the safest career path in corporate history despite organizations across the board reporting large data breaches. However, careers are made and lost at a blink of the eye as CIO's and CISO's are often the fall guys when things fall apart. While CIO's and CISO's are naturally targets for blame when an organization experiences a breach, CIO's and CISO's arefighting a losing battlewhere they're asked to play an expensive game of whack-a-mole where the moles are getting smarter and the holes are expanding.

Oorganisations, now realising that suffering a breach is question of if rather than when, are coming to grips with the fact that they need contingency plan beyond a hokey and unassuring press release and sharp spike in their legal firm's monthly retainer. In searching for that contingency, a number of organisations have taken out a cyber insurance policy which has turned cyber insurance from a relatively dormant sideshow insurers used to upsell customersto one of the hottest markets in insurance. Some commentators see cyber insurance as a way to encourage organisations to improve their security posture but with the cover of an cyber insurance policy, organisations also have an incentive to lean on their insurance should the worsthappen.

What all this means is that the expansion of the internetinto the real world via IoT couldn't have come at worst time when corporations and governments cannot guarantee the safety of their large computer networks and yet spent billions expanding them creating booming markets in securing devices that predicted to be at least three times number of humans on earth. Insanity is doing the same thing and expecting different results and by that measure just about every major corporation embracing the vast expansion of the internet into the real world are certifiable.

In sum, cybersecurity is a fine industry if you like job security but if you like to avoid record breaking failure on a yearly basis, cybersecurity is not for you.